Controlling HTTP Cookies on a WCF Client

A few customers have tried to control their HTTP Cookie headers from a smart client (using a previously cached cookie for example). The common experience has been “I enabled AllowCookies=true, and added the cookie using HttpRequestMessageProperty.Headers.Add. But somehow my cookie didn’t get included in my request.”

This is because “allowCookies” is a somewhat unfortunate name. When setting “allowCookies=true” on your HTTP-based binding (WsHttpBinding, BasicHttpBinding, etc), what you are indicating is that you want WCF to manage the cookie headers for you. That means that WCF will create CookieContainer, associate it with any IChannelFactory that is created from the binding, and then use that CookieContainer for all outgoing HttpWebRequests. The end result of this setup is that the user has zero control over his cookies, since the CookieContainer is taking over all management (including echoing server cookies if and only if a cookie was sent in an earlier response to that factory).

To cut a long explanation short, if you want to manipulate cookies on the client, then you (somewhat unintuitively) need to ensure that allowCookies=false.  In this manner, you are taking full responsibility for all cookies sent on that channel (in all cases, including capturing response cookies and echoing appropriately).

5 thoughts on “Controlling HTTP Cookies on a WCF Client

  1. Cédric Peruzzi

    Hi,

    I’m struggling against this problem for some days now and I still don’t know how to implement this kind of behavior.

    Actually I’m looking for a way to get a cookie from a service and reuse it with other services.

    So I have multiple endpoints (12 in this case) and one of those is used for authentication. When the authentication is successful I receive a cookie with the JSESSIONID of the session and I need to use this cookie for other services.

    The server-side is written in java and I cannot change the way the user authenticate themselves.

    I you have any clue it would be very appreciated.

    Thanks in advance

    Reply
  2. Sai

    Hello Cedric,
    I have a similar problem was wondeirng if you can educate me if we had any success.
    My email is k_sai at yahoo dot com.

    THanks
    Sai

    Reply
  3. Björn

    Hello Kenny,

    Very valuable info about setting ‘AllowCookies=false’! This was the only thing that kept my solution from working ok.

    Greetings,

    Björn

    Reply
  4. Pingback: Enable Cookies (Session) in WCF – AspNetCompatibilityRequirements « Stack 24/7

  5. snowdreamist

    That’s the problem……I have struggled on this problem for a few days — I set allowCookies = true, it seems that if I want to send cookie, I should set this property according to its name…..until I read your article… great thinks.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *